watchdog: BUG: soft lockup - CPU#0 stuck for 143s! [migration/0:15] Modules linked in: irq event stamp: 6782429 hardirqs last enabled at (6782428): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 hardirqs last disabled at (6782429): [] sysvec_apic_timer_interrupt+0xb/0xc0 arch/x86/kernel/apic/apic.c:1100 softirqs last enabled at (6743680): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last enabled at (6743680): [] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 softirqs last disabled at (6743685): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last disabled at (6743685): [] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 CPU: 0 PID: 15 Comm: migration/0 Not tainted 5.14.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Stopper: 0x0 <- 0x0 RIP: 0010:mac80211_hwsim_tx_frame_no_nl.isra.0+0x72e/0x1330 drivers/net/wireless/mac80211_hwsim.c:1517 Code: 44 24 08 e8 f4 75 42 fc 0f b6 44 24 08 84 c0 0f 85 a8 06 00 00 e8 a2 6f 42 fc e8 9d 6f 42 fc 48 89 d8 48 c1 e8 03 80 3c 28 00 <0f> 85 93 09 00 00 48 8b 1b 48 81 fb e0 d6 77 8c 0f 84 f7 04 00 00 RSP: 0018:ffffc90000007ba0 EFLAGS: 00000246 RAX: 1ffff110030f1654 RBX: ffff88801878b2a0 RCX: 0000000000000100 RDX: ffff888010e73880 RSI: ffffffff85333b43 RDI: 0000000000000003 RBP: dffffc0000000000 R08: 0000000000000008 R09: 0000000000000000 R10: ffffffff85333bb9 R11: 0000000000000000 R12: ffff88808bdcb8c0 R13: ffff8880a41734d0 R14: ffff8880a41732a0 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000040 CR3: 000000000b68e000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: mac80211_hwsim_tx_frame+0x1ee/0x2a0 drivers/net/wireless/mac80211_hwsim.c:1784 mac80211_hwsim_beacon_tx+0x49b/0x930 drivers/net/wireless/mac80211_hwsim.c:1838 __iterate_interfaces+0x1e5/0x520 net/mac80211/util.c:793 ieee80211_iterate_active_interfaces_atomic+0x70/0x180 net/mac80211/util.c:829 mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1861 __run_hrtimer kernel/time/hrtimer.c:1537 [inline] __hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1601 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1618 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:__schedule+0x942/0x26f0 kernel/sched/core.c:5817 Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 cb 17 00 00 4c 89 ef 4d 89 7c 24 10 4c 89 fe e8 76 0d cf f7 48 89 c7 e8 ae b1 1e f8 <48> 8b 8d 38 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 c7 04 01 00 RSP: 0018:ffffc90000d47dc8 EFLAGS: 00000202 RAX: 000000000066e683 RBX: 0000000000000000 RCX: 1ffffffff1ad95d9 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc90000d47e90 R08: 0000000000000001 R09: 0000000000000001 R10: ffffffff817bd418 R11: 0000000000000000 R12: ffff8880b9c51a40 R13: ffff8880b9c52500 R14: 0000000000000001 R15: ffff888010e73880 schedule+0xd3/0x270 kernel/sched/core.c:6017 smpboot_thread_fn+0x2eb/0x9c0 kernel/smpboot.c:160 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.14.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:arch_safe_halt arch/x86/include/asm/irqflags.h:90 [inline] RIP: 0010:kvm_wait arch/x86/kernel/kvm.c:888 [inline] RIP: 0010:kvm_wait+0xaf/0xf0 arch/x86/kernel/kvm.c:871 Code: 10 c3 c3 89 74 24 0c 48 89 3c 24 e8 eb a8 48 00 8b 74 24 0c 48 8b 3c 24 eb 82 e8 fc ad 48 00 eb 07 0f 00 2d 13 c6 55 08 fb f4 9b eb 07 0f 00 2d 06 c6 55 08 f4 eb c5 89 74 24 0c 48 89 3c 24 RSP: 0018:ffffc90000dc0a18 EFLAGS: 00000206 RAX: 00000000004bd996 RBX: 0000000000000000 RCX: 1ffffffff1fa40da RDX: 0000000000000000 RSI: 0000000000000102 RDI: 0000000000000000 RBP: ffffffff8c77d720 R08: 0000000000000001 R09: ffffffff8fcfa947 R10: 0000000000000001 R11: 0000000000000080 R12: 0000000000000000 R13: fffffbfff18efae4 R14: 0000000000000001 R15: ffff8880b9d52840 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c00ac33430 CR3: 000000000b68e000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: pv_wait arch/x86/include/asm/paravirt.h:597 [inline] pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline] __pv_queued_spin_lock_slowpath+0x8b8/0xb40 kernel/locking/qspinlock.c:508 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:585 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline] queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x200/0x2b0 kernel/locking/spinlock_debug.c:113 spin_lock include/linux/spinlock.h:354 [inline] mac80211_hwsim_tx_frame_no_nl.isra.0+0x68f/0x1330 drivers/net/wireless/mac80211_hwsim.c:1516 mac80211_hwsim_tx_frame+0x1ee/0x2a0 drivers/net/wireless/mac80211_hwsim.c:1784 mac80211_hwsim_beacon_tx+0x49b/0x930 drivers/net/wireless/mac80211_hwsim.c:1838 __iterate_interfaces+0x1e5/0x520 net/mac80211/util.c:793 ieee80211_iterate_active_interfaces_atomic+0x70/0x180 net/mac80211/util.c:829 mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1861 __run_hrtimer kernel/time/hrtimer.c:1537 [inline] __hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1601 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1618 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline] RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline] RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:132 [inline] RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:110 [inline] RIP: 0010:acpi_idle_do_entry+0x1c6/0x250 drivers/acpi/processor_idle.c:553 Code: 89 de e8 bd 35 43 f8 84 db 75 ac e8 74 2f 43 f8 e8 6f 58 49 f8 eb 0c e8 68 2f 43 f8 0f 00 2d 21 fc bc 00 e8 5c 2f 43 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 a7 34 43 f8 48 85 db RSP: 0018:ffffc90000d57d18 EFLAGS: 00000293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff888010e754c0 RSI: ffffffff89327b84 RDI: 0000000000000000 RBP: ffff888012146864 R08: 0000000000000001 R09: 0000000000000001 R10: ffffffff817bd418 R11: 0000000000000000 R12: 0000000000000001 R13: ffff888012146800 R14: ffff888012146864 R15: ffff88814099e804 acpi_idle_enter+0x361/0x500 drivers/acpi/processor_idle.c:688 cpuidle_enter_state+0x1b1/0xc80 drivers/cpuidle/cpuidle.c:237 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:351 call_cpuidle kernel/sched/idle.c:158 [inline] cpuidle_idle_call kernel/sched/idle.c:239 [inline] do_idle+0x3e8/0x590 kernel/sched/idle.c:306 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:403 start_secondary+0x265/0x340 arch/x86/kernel/smpboot.c:270 secondary_startup_64_no_verify+0xb0/0xbb ---------------- Code disassembly (best guess): 0: 44 24 08 rex.R and $0x8,%al 3: e8 f4 75 42 fc callq 0xfc4275fc 8: 0f b6 44 24 08 movzbl 0x8(%rsp),%eax d: 84 c0 test %al,%al f: 0f 85 a8 06 00 00 jne 0x6bd 15: e8 a2 6f 42 fc callq 0xfc426fbc 1a: e8 9d 6f 42 fc callq 0xfc426fbc 1f: 48 89 d8 mov %rbx,%rax 22: 48 c1 e8 03 shr $0x3,%rax 26: 80 3c 28 00 cmpb $0x0,(%rax,%rbp,1) * 2a: 0f 85 93 09 00 00 jne 0x9c3 <-- trapping instruction 30: 48 8b 1b mov (%rbx),%rbx 33: 48 81 fb e0 d6 77 8c cmp $0xffffffff8c77d6e0,%rbx 3a: 0f 84 f7 04 00 00 je 0x537